In the current implementation the control interface is over plain HTTP and bind to localhost by default.

This can be problematic on setups where an adversary is on the same machine as the server.

Proper bastion of the control interface is key to a secure Kapow! deployment.

Think a solution and implement it.